Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 5 subscribers
  • Views 6058 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

web usage report

wutevatse

Hi all,

I'm trying to generate a report on web usage for some domains. However, we find that the report is not precise and accurate. 

Let's say I want to generate a report to see who have visited facebook.com

In a controlled environment, I would use userA as an example, userA only visited CNN.com but because CNN has embedded links to facebook.com or any marketing, statistic related tools on CNN.com,  userA would show up on the web usage report on facebook.com when I filtered down the report.

When I look closely at the web protection log,  any request to *.facebook.com  (* can be anything) would make the user show up on the web usage report for facebook.com

This does not provide an accurate report as to who actually visit facebook.com.

Does anyone have a way to create a more accurate report?

 

Thanks,

MT



This thread was automatically locked due to age.
  • 0

    What question are you being asked that makes you want more precision?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    Hi,

    just pointing - Enable Application Control (No rules, allow all) and take a look at the application Control report for Facebook.

     

    Yours Lukas

    lna@cema

    SCA (utm+xg), SCSE, SCT

    Sophos Platinum Partner

  • 0

    To have any hope of accuracy, you have to enable https decrypt-and scan.

    Without it, URN web filtering only logs the connect event and only the host name, because that is all that it can see for https hosts like Facebook.

    With it, you get the same detail as http, every web request with full URL.

    There is a request# on each log entry.  It is probably assigned by the browser because it is not unique over long periods, but within short intervals (a few minutes) it appears to indicate requests related to the same event.

    Nonetheless, my attempts to get to your goal have been unsuccessful.  I do not know which events represent user requests and which represent embedded urls.

    I have not tried application control.  Perhaps that will be the solution.

Unfiltered HTML